Comprehensive Nmap Command Guide

A Practical Reference for Ethical Hackers and Pentesters


Biswadeb Mukherjee 


Comprehensive NMAP Command Guide | Biswadeb Mukherjee. 


Table of Contents


• Introduction to Nmap
• Installation
• Basic Commands
• Host Discovery
• Port Scanning
• Service and Version Detection
• Operating System Detection
• Stealth and Advanced Scanning
• Script Scanning
• Firewall and IDS/IPS Evasion
• Vulnerability Scanning
• Timing and Performance
• Output Options
• Miscellaneous
• Credit
• Original Software Creator




Introduction to Nmap 


Nmap (Network Mapper) is free and open-source software created and
maintained by Gordon F. Lyon and the Nmap Community for network discovery 
and security auditing (Lyon, 2024). It is widely used by network administrators, 
ethical hackers, and security researchers to map networks, discover hosts, detect 
services, and test for vulnerabilities. Nmap offers a comprehensive set of features 
that make it an essential tool in the cybersecurity domain. 


Installation 


Nmap can be installed on various platforms including Linux, Windows, and macOS. 
Here are the basic installation steps for each platform: 


1. Linux: Use the package manager of your distribution. For example:
   • Ubuntu/Debian: sudo apt install nmap
   • CentOS/RHEL: sudo yum install nmap
2. Windows: Download the installer from the official Nmap website
   (https://nmap.org/) and follow the instructions.
3. macOS: Install using Homebrew:
   • brew install nmap


Once installed, verify the installation by running the nmap --version 
command. 


Basic Commands


Command | Description | Example
nmap target | Scans the specified target. | nmap 192.168.1.1
nmap target1 target2 | Scans multiple targets. | nmap 192.168.1.1 192.168.1.2
nmap CIDR | Scans a network range using CIDR. | nmap 192.168.1.0/24
nmap -iL file | Scans targets from a file. | nmap -iL targets.txt
nmap -v target | Performs a verbose scan. | nmap -v 192.168.1.1


Host Discovery


Command | Description | Example
nmap -sP target | Performs a ping scan to check host availability (-sP is the older name for -sn). | nmap -sP 192.168.1.0/24
nmap -PS port | Sends TCP SYN probes to discover hosts. | nmap -PS80 192.168.1.0/24
nmap -PU port | Sends UDP probes to discover hosts. | nmap -PU53 192.168.1.0/24
nmap -PP | Uses ICMP timestamp requests for discovery. | nmap -PP 192.168.1.0/24
nmap -PR | Uses ARP requests for host discovery (local network). | nmap -PR 192.168.1.0/24
nmap -Pn | Disables the host discovery phase of the scan. | nmap -Pn 192.168.1.0/24


Port Scanning


Command | Description | Example
nmap -p port | Scans a specific port. | nmap -p 80 192.168.1.1
nmap -p range | Scans a range of ports. | nmap -p 1-100 192.168.1.1
nmap -p- target | Scans all 65,535 ports. | nmap -p- 192.168.1.1
nmap -sS target | Performs a TCP SYN scan. | nmap -sS 192.168.1.1
nmap -sT target | Performs a TCP connect scan. | nmap -sT 192.168.1.1
nmap -sU target | Performs a UDP scan. | nmap -sU 192.168.1.1


Service and Version Detection


Command | Description | Example
nmap -sV target | Detects versions of services running. | nmap -sV 192.168.1.1
nmap --version-all | Performs a more thorough version scan. | nmap -sV --version-all 192.168.1.1
nmap --version-light | Performs a faster version scan. | nmap -sV --version-light 192.168.1.1


Operating System Detection


Command | Description | Example
nmap -O target | Detects the operating system. | nmap -O 192.168.1.1
nmap -A target | Enables OS and version detection (along with script scanning and traceroute). | nmap -A 192.168.1.1


Stealth and Advanced Scanning


Command | Description | Example
nmap -sF target | Performs a FIN scan. | nmap -sF 192.168.1.1
nmap -sX target | Performs an Xmas scan. | nmap -sX 192.168.1.1
nmap -sN target | Performs a NULL scan. | nmap -sN 192.168.1.1
nmap --scan-delay time | Delays packets by specified time. | nmap --scan-delay 100ms 192.168.1.1
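
How the three scan types above look from the receiving side: a FIN scan sets only FIN, a NULL scan sets no TCP flags, and an Xmas scan sets FIN, PSH and URG. The following is an added example, not part of the original guide; the log lines are constructed in the style of Linux netfilter LOG output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the style of Linux netfilter LOG output.
sample_log() {
    p='IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 LEN=40 TTL=52 PROTO=TCP'
    printf '%s\n' \
        "$p SPT=40112 DPT=22 WINDOW=1024 RES=0x00 FIN URGP=0" \
        "$p SPT=40113 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0" \
        "$p SPT=40114 DPT=443 WINDOW=1024 RES=0x00 URGP=0" \
        "$p SPT=40115 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0" \
        "$p SPT=51000 DPT=443 WINDOW=501 RES=0x00 ACK FIN URGP=0" \
        "IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 LEN=28 PROTO=UDP SPT=40116 DPT=53"
}

# flag_probes: read log lines on stdin, print "source dest-port kind" for
# TCP packets whose flag set matches a FIN, NULL or Xmas probe.
flag_probes() {
    awk '
        / PROTO=TCP / {
            src = dpt = ""; n = 0; fin = psh = urg = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                else if ($i ~ /^(CWR|ECE|URG|ACK|PSH|RST|SYN|FIN)$/) {
                    n++                      # count every flag that is set
                    if ($i == "FIN") fin = 1
                    if ($i == "PSH") psh = 1
                    if ($i == "URG") urg = 1
                }
            }
            kind = ""
            if (n == 0) kind = "NULL"                         # no flags at all
            else if (n == 1 && fin) kind = "FIN"              # FIN without ACK
            else if (n == 3 && fin && psh && urg) kind = "Xmas"
            if (kind != "") print src, dpt, kind
        }'
}

sample_log | flag_probes
```

The SYN line and the ordinary connection teardown (ACK together with FIN) are deliberately left unflagged; only flag sets that never occur in normal TCP traffic are reported.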


Script Scanning


Command | Description | Example
nmap --script=script | Runs a specific NSE script. | nmap --script=http-title 192.168.1.1
nmap --script=category | Runs all scripts in a category. | nmap --script=vuln 192.168.1.1
nmap --script-args=args | Specifies arguments for scripts. | nmap --script=ssh-brute --script-args userdb=users.txt 192.168.1.1


Firewall and IDS/IPS Evasion


Command | Description | Example
nmap -D RND:10 target | Generates 10 random decoy IPs. | nmap -D RND:10 192.168.1.1
nmap -f target | Uses tiny fragmented packets. | nmap -f 192.168.1.1
nmap --mtu value | Sets custom MTU for packets. | nmap --mtu 32 192.168.1.1
nmap --data-length value | Adds extra data to packets. | nmap --data-length 50 192.168.1.1


Note: Use these techniques only with proper authorization to comply with ethical and legal standards. 


Vulnerability Scanning


Command | Description | Example
nmap --script=vuln target | Runs vulnerability detection scripts. | nmap --script=vuln 192.168.1.1


Timing and Performance


Command | Description | Example
nmap -T level target | Sets the timing template (0-5). | nmap -T4 192.168.1.1
nmap --min-rate rate | Sets minimum packet rate. | nmap --min-rate 1000 192.168.1.1
nmap --max-rate rate | Sets maximum packet rate. | nmap --max-rate 1000 192.168.1.1


Output Options


Command | Description | Example
nmap -oN file | Saves output in normal format. | nmap -oN scan.txt 192.168.1.1
nmap -oX file | Saves output in XML format. | nmap -oX scan.xml 192.168.1.1
nmap -oG file | Saves output in grepable format. | nmap -oG scan.gnmap 192.168.1.1
nmap -oA basename | Saves output in all formats. | nmap -oA fullscan 192.168.1.1


Miscellaneous


Command | Description | Example
nmap -6 target | Scans an IPv6 target. | nmap -6 2001:db8::1
nmap -sL target | Lists all hosts in the specified range. | nmap -sL 192.168.1.0/24
nmap --reason | Displays reasons for port states. | nmap --reason 192.168.1.1
nmap --packet-trace | Displays detailed packet trace. | nmap --packet-trace 192.168.1.1

network discovery, service detection, and security auditing. For official Nmap
documentation and resources, visit https://nmap.org/docs.html. 